In a response to a letter from the Representatives Joe Barton and Edward Markey, Facebook addressed concerns about privacy breaches by Facebook applications — saying sharing user IDs does not constitute a privacy breach, but adding that Facebook, as an industry leader, would spearhead an industry-wide effort to prevent the sharing of such information in the future.
On October 18, the Wall Street Journal reported that certain Facebook applications had been sharing data about Facebook users with third parties, some intentionally and some unintentionally. Representatives Barton and Markey are the co-chairmen of the House Bi-Partisan Privacy Caucus, a subcommittee of the Energy and Commerce Committee, which is responsible for dealing with issues of consumer privacy. The two congressmen wrote a letter to Mark Zuckerberg and Facebook asking for information after reading the Journal article.
“Notwithstanding the title of the Wall Street Journal’s article,” Marne Levine, vice president of Global Public Policy wrote on behalf of Facebook, “the sharing of UIDs by Facebook with third-party applications does not involve the sharing of any private user data and is in no sense a privacy ‘breach.’ On the contrary, the sharing of UIDs is critical to people’s ability to use third-party applications on the Facebook Platform.”
It is simply, he went on to say, “a by-product of how Internet browsers work.”
Moreover, he added, when a user loads an application, “he or she agrees to share certain information with the application – including his or her Facebook UID – so that the application can provide an innovative, social experience.”
The major problem Facebook cited was the fact that certain applications that were sharing UIDs on purpose which is a “direct violation of our terms,” though Levin again stressed that UIDs did not allow access to any information that the user had chosen to keep private using Facebook’s privacy settings.
Nonetheless, the letter continued, “we recognize and accept our leadership position,” and were not only putting in place mechanisms to prevent this from happening again, but also “working to launch an industry-wide initiative to equip browsers with privacy controls that would prevent such inadvertent passing of information.” Facebook is also requiring that all these networks delete any UIDs they have acquired in the process.